Allow for truncation in CTR mode.

This re-enables the behaviour of Libgcrypt 1.4.  Such truncation is
used by libotr and the current error-ed out here.  The bug was
introduced due to a rewrite of the function and the undocumented
feature of truncating OTR data.

2 files changed, 11 insertions, 6 deletions

diff --git a/cipher/ChangeLog b/cipher/ChangeLog
index df27babb..4cde857d 100644
--- a/cipher/ChangeLog
+++ b/cipher/ChangeLog
@@ -1,3 +1,8 @@
+2011-04-11  Werner Koch  <wk@g10code.com>
+
+	* cipher.c (do_ctr_encrypt): Allow arbitrary length inputs to
+	match the 1.4 behaviour.
+
 2011-04-04  Werner Koch  <wk@g10code.com>
 
 	* ecc.c (compute_keygrip): Release L1 while parsing "curve".
diff --git a/cipher/cipher.c b/cipher/cipher.c
index a2f8bb99..e5bb2e02 100644
--- a/cipher/cipher.c
+++ b/cipher/cipher.c
@@ -1453,22 +1453,22 @@ do_ctr_encrypt (gcry_cipher_hd_t c,
   unsigned int blocksize = c->cipher->blocksize;
   unsigned int nblocks;
 
-  /* FIXME: This code does only work on complete blocks.  */
-
   if (outbuflen < inbuflen)
     return GPG_ERR_BUFFER_TOO_SHORT;
 
-  if ((inbuflen % blocksize))
-    return GPG_ERR_INV_LENGTH;
-
+  /* Use a bulk method if available.  */
   nblocks = inbuflen / blocksize;
   if (nblocks && c->bulk.ctr_enc)
     {
       c->bulk.ctr_enc (&c->context.c, c->u_ctr.ctr, outbuf, inbuf, nblocks);
       inbuf  += nblocks * blocksize;
       outbuf += nblocks * blocksize;
+      inbuflen -= nblocks * blocksize;
     }
-  else
+
+  /* If we don't have a bulk method use the standard method.  We also
+     use this method for the a remaining partial block.  */
+  if (inbuflen)
     {
       unsigned char tmp[MAX_BLOCKSIZE];